5a617fd550
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
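#!/usr/bin/env bash
# /usr/local/bin/zroc-setup
# Interactive first-boot configuration wizard for the zROC appliance.
#
# Collects network, TLS, admin and ZVM settings, writes them together with
# freshly generated secrets to $ENV_FILE, then starts the Docker Compose stack.
# (The stray "|" gutter lines of the rendered listing are dropped here; a lone
# "|" is a shell syntax error.)
set -euo pipefail

# Installation layout.
INSTALL_DIR=/opt/zroc
ENV_FILE="$INSTALL_DIR/.env"    # receives credentials and generated secrets
CERTS_DIR="$INSTALL_DIR/certs"  # not referenced again in this listing

# ANSI colour sequences, stored as literal backslash escapes: they only render
# when printed through `echo -e` (or printf's %b).
CYAN='\033[0;36m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
BOLD='\033[1m'
RESET='\033[0m'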
# Print a section title: a blank line, then the arguments in bold cyan.
header() {
  local title="$*"
  echo -e "\n${CYAN}${BOLD}${title}${RESET}"
}
# Print a success line: a green check mark followed by the arguments.
ok() {
  local msg="$*"
  echo -e "${GREEN}✓ ${msg}${RESET}"
}
# Print a warning line: a yellow warning sign followed by the arguments.
warn() {
  local msg="$*"
  echo -e "${YELLOW}⚠ ${msg}${RESET}"
}
# Print an error line: a red cross followed by the arguments (to stdout).
err() {
  local msg="$*"
  echo -e "${RED}✗ ${msg}${RESET}"
}
# Print a step heading ("Step <args>" in bold) followed by a 55-character rule.
step() {
  local label="$*"
  echo -e "\n${BOLD}Step ${label}${RESET}"
  # One "─" per argument; %.0s consumes the number without printing it.
  printf '─%.0s' {1..55}
  printf '\n'
}
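# Banner. Clearing the screen is cosmetic: `clear` can exit non-zero (for
# example without a usable TERM), and under `set -e` that would abort the
# whole wizard, so its failure is ignored on purpose.
clear 2>/dev/null || true
echo -e "${CYAN}"
# Quoted delimiter: the art is printed literally, with no expansion.
cat << 'BANNER'
███████╗██████╗ ██████╗ ██████╗
╚══███╔╝██╔══██╗██╔═══██╗██╔════╝
███╔╝ ██████╔╝██║ ██║██║
███╔╝ ██╔══██╗██║ ██║██║
███████╗██║ ██║╚██████╔╝╚██████╗
╚══════╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝

Setup Wizard — Zerto Resiliency Observation Console
BANNER
echo -e "${RESET}"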
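# Step 1: Network
step "1/6 Network Configuration"
# First address printed by `hostname -I`; empty when nothing is reported.
CURRENT_IP=$(hostname -I | awk '{print $1}')
if [[ -z "$CURRENT_IP" ]]; then
  # Without an address PUBLIC_URL would become "https://" and be written into
  # the OIDC settings below, so stop here instead.
  err "No IP address detected; cannot derive the public URL."
  exit 1
fi
# -e is needed: the colour variables hold literal "\033[..." escapes.
echo -e "Current IP: ${BOLD}$CURRENT_IP${RESET} (DHCP)"
read -rp "Keep DHCP? [Y/n]: " NET_CHOICE
NET_CHOICE="${NET_CHOICE:-Y}"
if [[ "$NET_CHOICE" =~ ^[Nn] ]]; then
  # The answer is recorded, but nothing in this script reconfigures the
  # interface; say so rather than silently ignoring the choice.
  warn "Static addressing is not configured by this wizard; continuing with DHCP."
fi
# NOTE(review): PUBLIC_URL is pinned to the address seen right now. If the DHCP
# lease changes, the URLs written to .env presumably go stale; confirm whether
# a reservation or DNS name is expected.
PUBLIC_URL="https://$CURRENT_IP"
ok "Using $CURRENT_IP"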
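# Step 2: TLS
step "2/6 HTTPS / TLS Certificate"
echo "Using self-signed certificate (default)"
# No prompt: the mode is fixed. TLS_MODE is set here but is not written to
# .env anywhere in this listing.
# NOTE(review): a self-signed certificate gives clients nothing to verify the
# appliance against; operators should check the certificate fingerprint out of
# band or replace it with one from a CA they trust.
TLS_MODE="internal"
ok "Self-signed certificate will be generated by Caddy"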
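# Step 3: Admin password
step "3/6 zROC Admin Account"
# Prompt until both entries match and the length rule is met.
#   -s    keeps the password off the terminal
#   -r    keeps backslashes literal
#   IFS=  keeps leading/trailing whitespace; with the default IFS `read`
#         would trim it and the stored password would differ from what was typed
while true; do
  IFS= read -rsp "Admin password (min 12 chars): " ADMIN_PASS; echo
  IFS= read -rsp "Confirm password: " ADMIN_PASS2; echo
  if [[ "$ADMIN_PASS" != "$ADMIN_PASS2" ]]; then
    err "Passwords do not match."
  elif (( ${#ADMIN_PASS} < 12 )); then
    err "Password must be at least 12 characters."
  else
    ok "Admin password set"
    break
  fi
done
# The confirmation copy is not used again; drop it from the shell's memory.
unset ADMIN_PASS2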
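# Step 4: ZVM Site 1
step "4/6 Zerto ZVM Configuration — Site 1"
# The host is mandatory: an empty answer would be written to .env as
# "ZVM_HOST=", so ask again until something is entered.
ZVM_HOST=""
while [[ -z "$ZVM_HOST" ]]; do
  read -rp "ZVM Hostname or IP: " ZVM_HOST
  [[ -n "$ZVM_HOST" ]] || err "ZVM hostname or IP is required."
done
read -rp "ZVM Username [admin]: " ZVM_USER
ZVM_USER="${ZVM_USER:-admin}"
# IFS= preserves leading/trailing whitespace in the password; -s hides it.
IFS= read -rsp "ZVM Password: " ZVM_PASS; echo
# Optional: an empty answer is written out as an empty VCENTER_HOST.
read -rp "vCenter Hostname (optional): " VCENTER_HOST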
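# Step 5: Second site
step "5/6 Second ZVM Site (optional)"
read -rp "Monitor a second site? [y/N]: " SITE2
SITE2="${SITE2:-N}"
if [[ "$SITE2" =~ ^[Yy] ]]; then
  # The answer is stored, but this script collects no second-site details and
  # writes none to .env; tell the operator instead of ignoring the choice.
  warn "A second site is not configured by this wizard; only Site 1 will be monitored."
fi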
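# Step 6: Enterprise IdP
# Informational only: no prompt is shown and no external identity provider is
# configured by this script.
step "6/6 Enterprise Identity Provider (optional)"
echo "Using local Authentik accounts (default)"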
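# Generate secrets
# Each value is hex text from `openssl rand`: N random bytes become 2N hex
# characters. With `set -e` in effect, a failing openssl call aborts the
# script at the assignment, so no secret is left empty.
SESSION_SECRET=$(openssl rand -hex 32)
AUTHENTIK_PG_PASS=$(openssl rand -hex 24)
AUTHENTIK_SECRET_KEY=$(openssl rand -hex 48)
# The client ID is a fixed identifier, not a secret; only the client secret is
# random.
OIDC_CLIENT_ID="zroc-dashboard"
OIDC_CLIENT_SECRET=$(openssl rand -hex 32)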
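# Write .env
# The file holds the ZVM password, the admin password and every generated
# secret in plaintext, so it must never exist with permissions wider than 0600.
# Writing straight to $ENV_FILE and running chmod afterwards leaves a window in
# which the secrets are readable under the default umask (or under the mode of
# an earlier .env). Instead, mktemp creates the file owner-only, and the rename
# puts it in place in one step.
env_tmp=$(mktemp "${ENV_FILE}.XXXXXX")
# Remove the temporary file if anything fails before the rename.
trap 'rm -f -- "$env_tmp"' EXIT
# Unquoted delimiter: variables are expanded once; the expanded text is not
# evaluated again by the shell.
# NOTE(review): values are written verbatim and unquoted. Characters such as
# "#", "$", quotes or surrounding spaces in a password may be read differently
# by whatever parses this file; confirm against the consumer's .env syntax.
# NOTE(review): GRAFANA_PASSWORD is the only place ADMIN_PASS is written, so
# the admin password is reused for Grafana and stored in plaintext here.
cat > "$env_tmp" << EOF
PUBLIC_URL=$PUBLIC_URL
ZVM_HOST=$ZVM_HOST
ZVM_USERNAME=$ZVM_USER
ZVM_PASSWORD=$ZVM_PASS
VCENTER_HOST=${VCENTER_HOST:-}
SESSION_SECRET=$SESSION_SECRET
AUTHENTIK_PG_PASS=$AUTHENTIK_PG_PASS
AUTHENTIK_SECRET_KEY=$AUTHENTIK_SECRET_KEY
AUTHENTIK_CLIENT_ID=$OIDC_CLIENT_ID
AUTHENTIK_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_OIDC_CLIENT_ID=$OIDC_CLIENT_ID
ZROC_OIDC_CLIENT_SECRET=$OIDC_CLIENT_SECRET
ZROC_PUBLIC_URL=$PUBLIC_URL
AUTHENTIK_ADMIN_TOKEN=PENDING_FIRST_START
GRAFANA_PASSWORD=$ADMIN_PASS
PROMETHEUS_URL=http://prometheus:9090
EOF

# Explicit, even though mktemp already created the file owner-only.
chmod 600 "$env_tmp"
mv -f -- "$env_tmp" "$ENV_FILE"
trap - EXIT
ok ".env written to $ENV_FILE"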
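# Start services
echo "Starting zROC services..."
cd "$INSTALL_DIR"
# Only the last 20 lines of compose output are shown. The script runs with
# `set -o pipefail`, so the pipeline's status reflects docker, not tail;
# report the failure explicitly instead of exiting without a message.
if ! docker compose up -d 2>&1 | tail -20; then
  err "docker compose up failed; zroc-firstboot.service was not disabled."
  exit 1
fi

# Best effort: a failure to disable the first-boot unit is ignored on purpose.
systemctl disable zroc-firstboot.service 2>/dev/null || true

# NOTE(review): `up -d` returns once containers are started, and .env still
# carries AUTHENTIK_ADMIN_TOKEN=PENDING_FIRST_START at this point, so "ready"
# presumably means "started"; confirm whether a health check is expected.
echo -e "${GREEN}${BOLD}"
echo " ✅ zROC is ready!"
echo " Dashboard: $PUBLIC_URL"
echo -e "${RESET}"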